search

nicolasblanco / rails_param

Parameter Validation & Type Coercion for Rails
MIT License
942 stars 89 forks source link

get a warning in rails5 #30

Open wenxuankou opened 8 years ago

wenxuankou commented 8 years ago

i get a warning in rails5,"some methods will be remove in rails5.1",Please consider compatibility in rails5

adis-io commented 8 years ago

DEPRECATION WARNING: Method member? is deprecated and will be removed in Rails 5.1, as ActionController::Parameters no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.0.1/classes/ActionController/Parameters.html (called from coerce_type at [FILTERED])

estebanbouza commented 7 years ago

I have been browsing the code but cannot find any direct invocation of member?. Running RSpec passes all tests however there are many warnings thrown, like this ones:

DEPRECATION WARNING: ActionController::TestCase HTTP request methods will accept only keyword arguments in future Rails versions.
DEPRECATION WARNING: `render :text` is deprecated because it does not actually render a `text/plain` response. Switch to `render plain: 'plain text'` to render as `text/plain`, `render html: '<strong>HTML</strong>'` to render as `text/html`, or `render body: 'raw'` to match the deprecated behavior and render with the default Content-Type, which is `text/plain`. (called from edit at /Users/<username>/projects/rails_param/spec/fixtures/controllers.rb:31)
WARNING: Using the `raise_error` matcher without providing a specific error or message risks false positives, since `raise_error` will match when Ruby raises a `NoMethodError`, `NameError` or `ArgumentError`, potentially allowing the expectation to pass without even executing the method you are intending to call. Actual error raised was #<RailsParam::Param::InvalidParameterError: Parameter is required>. Instead consider providing a specific error class or message. This message can be suppressed by setting: `RSpec::Expectations.configuration.on_potential_false_positives = :nothing`. Called from /Users/<username>/projects/rails_param/spec/rails_param/param_spec.rb:216:in `block (4 levels) in <top (required)>'.

My guess is that the first deprecation warning, the one related to TestCase HTTP request methods or the render one are using internally the call to member?. I don't know very well how to fix it (update dependent libraries?). Perhaps @nicolasblanco can give some insight?